Most 'Security Questions' Aren't Very Secure

[Marshall Honorof]

Security questions, which many websites use as a last line of defense against account hackers, are too easy to guess, Google has proven.

Most 'Security Questions' Aren't Very Secure : Read more

 

[postgraduate]

Always annoys me how presumptuous the security questions are. They are often things that are ambiguous or that I don't know. They should let me write my own questions. Plus, I don't know how secure they're keeping the answers so it's yet more data the corporate data miners can collect about us.

 

[Guest]

'last school', 'name of first pet' etc. These are all things that could be in the public domain, especially with the rise of facebook and other social media. When I realised this I just started lying eg mothers maiden name? - Charles Manson.
I never use the real answerts for these questions anymore

 

[lesage3]

I always answer to those question with a false response. Like first name of my grand mother? i give my grand father first name: Harold

 

[poweruser_24]

I always answer to those question with a false response. Like first name of my grand mother? i give my grand father first name: Harold

I go with weird answers: First name of my grandmother: Hippopotamus. Why? because no one will know that. I think they are also like passwords, you should have a unique set of answers per site. This means tracking these details in a tool, like keepass or password safe.

 

[rayden54]

@poweruser_24

I hope you never need to reset your password. What's the chances you'll remember that?

 

[Marshall Honorof]

Actually, coming up with fake answers is a pretty solid idea. If you check the link to the Security News Daily piece, it's one of the practices that experts encourage. A malefactor is much less likely to guess information that exists only within your head, as opposed to a public record or social media network.

Long-term, though, I agree with Google: security questions are an insecure practice, and we should probably find something to replace them.

 

[Christopher1]

@poweruser_24

I hope you never need to reset your password. What's the chances you'll remember that?

Quite good if he keeps the answers in a file encrypted on an encrypted or non-encrypted flash drive somewhere.

 

[lumankicks]

I've said it before and I've said it again: there must be a better way to secure an account than passwords.

The secure password today has what, 15 characters, both upper and lower case letters, symbls, numbers, gang signs....And can not be something from your own life.

So no kids birthdays, initials, etc. How secure is this? So secure that you can't even remember it. And here's the kicker: you must have a seperate password for each site. Facebook, twitter, pinterest, your bank account, insurance, credit cards, all seperate passwords. That makes at least six different passwords that must be completely different. Who can remember these things?

I know there are programs that will "remember" passwords for you (browsers commonly do it) but its not uncommon for these things to be hacked. What most people do instead is to create one password, and then use it for each account. Safe, huh?

I'm asking the tech community to stop being lazy. Lets develop a new way to secure accounts without having to remember the equivilent of pi down to the 32nd space.

 

[backoffmanImascientist]

The questions do not require any answer that makes sense in the context of the question asked. If I select my security query to be "What was the name of your first pet?" any string is acceptable, so rather than entering a real pet name, or a name at all, I'll enter something like my birth year and then Pi to the fifth place without the decimal. If you select "Where were you born?" give a person or pet's name, etc.

 

[Andy McAdam]

I don't see this as any different to skipping the ads like when I watch a program through my DVR

 

[Andy McAdam]

I don't see this as any different to skipping the ads like when I watch a program through my DVR

Sorry, commenting on wrong story, got confused with Toms listing all the stories one after the other.

 

[pkellmey]

I did not know The Onion posted Op Ed pieces.

 

[Udonitron]

So does the OP watch commercials on TV or fast forward through them via his PVR?

 

[CallahanUSA]

These advertisements, and SPAM, are not being used to "feed the starving children", they are forced down our throats and unsolicited.

When advertisers understand the difference between greed and a fair return, I won't need Adaway anymore.

They aren't looking to eat, they're trying to trade up their BMW's for Ferrari's

 

[psss3]

it's easy to improve upon the security of stupid security questions. Rarely if ever are these answers checked for validity when you set them up, so just answer them with unlikely substitutions. If the question asks for your high school, instead of Lincoln High, answer Licking L0w. Even if a hacker knew where you went to high school, they'd have a very hard time guessing your answer.

If a financial institution insists on using your mothers maiden name, you should insist that another question of your choice be used as a security challenge. Astonishingly, I found one credit card company merely checked that the caller ID, address and name matched the account information for validating a new card.